> On 14 Jan 2025, at 09:17, Code Ranger <coderanger2...@outlook.com> wrote: > > > To be honest, I don’t understand what the problem is. I am trying to provide > the ability to dynamically add directives to boot-layer modules with the full > consent of the application developer, without any restrictions like the > mandatory prior use of --add-* parameters (which obviously defeats the whole > idea of a dynamic approach). The ModuleLayer.Controller class has only four > methods (essentially 1 + 1 + 1 + 1). I refuse to believe that JDK developers, > who are clearly highly skilled and experienced programmers, cannot solve this > problem. > > So, what’s the issue? Do we really want the instructions for adding a plugin > in Java to look like this: > > 1. Install the plugin. > 2. Stop the application. > 3. Add --add-exports ..., --add-opens .... > 4. Restart the application. > > Best regards, CR
What you’re proposing, i.e. a mechanism to grant a specific module the permission to edit the boot layer and, in particular java.base, may be workable in practice, but the problem is that it is probably a very bad idea. Opening java.base is not only unrecommended but an extreme operation that could be dangerous (even result in undefined behaviour or worse) and is meant as a temporary measure until the underlying issues that require it are fixed. Needing to open or export packages in java.base signifies a problem with the program and is not a normal or healthy mode of operation. The Integrity by Default JEP (https://openjdk.org/jeps/8305968) offers recommendations for how code that, say, serializes java.base classes should work without opening java.base. Remember that modules are a feature added to allow code that needs to trust certain invariants to do so, and the JDK modules, java.base in particular, need such invariants to ensure their correct operation. A plugin that requires hacking the JDK internals is a problematic plugin, and one that could risk the entire application. The user needs to be aware when such a plugin is used. If you believe it's okay for the invariants of your core components possibly being compromised by plugins, that’s fine — and you can do what Alex suggested — but the JDK isn’t okay with that. If you insist on opening java.base to all code, that is an extreme, non-standard, and dangerous mode that *should* require extreme measures such as employing an agent — not a standard API. — Ron
